Simple App Privacy Policy

Introduction

This Privacy Policy explains how AM APPS LTD («Company» or «we» or «us») collects, stores, uses, transfers and discloses Personal Data from our users («you») in connection with the Simple mobile application, simple.life website («Website») and related services (collectively, the «App»).

We reserve the right to and may change this Privacy Policy from time to time. If we make any material changes, we will notify you by email (sent to the email address specified when you register), through the App, or by presenting you with a new version of this Privacy Policy for you to accept, if we, for example, add new processing activities or collect some additional Personal Data from you.

Your continued use of the App after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, you will have to explicitly accept changes to Privacy Policy to continue using the App. We encourage you to periodically review our Website and the App for the latest information on our data privacy practices. If you do not accept the terms of the Privacy Policy, we ask that you do not use the App. Please exit the App immediately if you do not agree to the terms of this Privacy Policy.

1. Personal data and information we collect from you

Personal data you provide to us

When you sign up to use the App, we may collect Personal Data about you such as:

a. Full name;
b. Email address or alias;
c. Gender;
d. Date of birth;
e. Weight;
f. Height;
g. Eating patterns (time and frequency, diet);
h. Activity patterns (exercise);
i. Work information: type (sedentary / active) and schedule;
j. Children (yes/no);
k. Pregnancy (yes/no);
l. Metabolic diseases information;
m. Drug consuming information;
 
When you use the App, you may choose to provide personal information about your health such as:
 
a. Meal intakes data (time, contents, photo);
b. Hunger times;
c. Other information about your health and activities (collectively, «Personal data»).

You will also have an option to permit us to import into the App data from third-party services such as Apple HealthKit, among others. Such imported information may include: sports activities, weight, calories burnt, heartbeat rate, number of steps/distance travelled, and other information about your health.

Permitting us to access third party information can help you to maximize your App experience, and we will handle any such third-party information in full accordance with this Privacy Policy.

Information we collect automatically

When you access or use the App, we may automatically collect the following information:

a. Device Information: We collect information about the mobile device you use to access the App, including the hardware model, information about operating system and its version, unique device identifiers and mobile network information.

b. Location Information: We collect your IP address, time zone, and information about your mobile service provider, which allows us to infer your general location.

c. Information Collected by Tracking Technologies: We use various technologies to collect information about your use of the App, such as frequency of use, which areas and features of our App you visit and your use patterns generally, engagement tracking with particular features, etc.

We may use third-party tools like Appsflyer, Google Firebase and others that provide us some of your attribution data that we further utilize to customize and personalize the App for you. We may also use such data for statistical purposes and analytics.

If the information covered by this Section is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose. To the extent information covered by this Section is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection laws, it is referred to in this Privacy Policy as «Personal Data».

YOUR CONSENT

By creating a profile in the App, you explicitly consent that:

I. WE MAY STORE AND PROCESS YOUR PERSONAL DATA YOU PROVIDE THROUGH THE USAGE OF THE APP AND THROUGH THE ACCOUNT CREATION PROCESS SOLELY FOR THE PURPOSE OF PROVIDING SERVICES TO YOU, TO IMPROVE OUR SERVICE FEATURES AND OTHER PURPOSES INDICATED IN SECTION 2 OF THIS PRIVACY POLICY. SUCH SERVICES MAY INCLUDE SENDING YOU INFORMATION AND REMINDERS THROUGH THE APP OR TO THE EMAIL ADDRESS YOU PROVIDED TO US.

II. PERSONAL DATA YOU PROVIDE TO US THROUGH THE ACCOUNT CREATION PROCESS INCLUDES PERSONAL DATA YOU ENTER INTO THE APP, SUCH AS YOUR ACCOUNT DATA (E.G. YOUR NAME AND EMAIL ADDRESS), AND YOUR HEALTH DATA (E.G. BODY MEASUREMENTS, EATING PATTERNS, PHYSICAL ACTIVITY AND OTHERS). DEPENDING ON THE DATA YOU PROVIDE, IT MAY ALSO CONTAIN INFORMATION ABOUT YOUR GENERAL HEALTH (E.G. WEIGHT, BODY MEASUREMENTS, AND OTHERS).

III. WE WILL NOT TRANSMIT ANY OF YOUR PERSONAL DATA TO THIRD PARTIES UNLESS OTHERWISE IS PROVIDED BY THIS PRIVACY POLICY.

PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH WITH ANY THIRD PARTIES.

2. How we use your personal data and information

We may use your information, including your Personal Data, for the following purposes:

a. to analyze, operate, maintain and improve the App, to add new features and services to the App;
b. to customize content and insights you see when you use the App;
c. to suggest changes in your fasting protocol and eating patterns;
d. to provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders;
e. to customize product and service offerings and recommendations to you, including third-party products and offerings (except data from Apple HealthKit);
g. to send you technical notices, updates, security alerts and support and administrative messages;
h. for billing (invoicing), account management and other administrative purposes, if applies;
i. to respond to your comments, questions and requests and provide customer service;
j. to monitor and analyze trends, usage and activities in connection with our App;
k. to link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service (to use in training of neural networks, artificial intelligence, as well as for any other automated decision-making processing);
l. for scientific and academic research purposes; and
m. for any other purposes disclosed to you at the time we collect Personal Data or any other purposes indicated in this Privacy Policy.

We will not use the information gained through your use of the HealthKit framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers. 

We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you in accordance with Section 2 of this Privacy Policy or collect any Personal Data that is not required for the mentioned purposes. For any new purpose of processing we will ask your separate explicit consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We also undertake to collect only such amount and type of Personal Data that is strictly required for the purposes mentioned in this Section of the Privacy Policy («data minimization principle»).

3. Your rights

Modification, correction and erasure

You are able to modify, correct, erase, and update your Personal Data by writing us at care@simple.life.

Access

You have a right to access your Personal Data you insert into the App and ask us about what kind of Personal Data we have about you. You can do this by by writing us at care@simple.life.

EU residents

Individuals residing in the countries of the European Union have certain statutory rights in relation to their personal data introduced by the General Data Protection Regulation (the «GDPR»). Subject to any exemptions provided by law, you may have the right to request access to Personal data (including in a structured and portable form), as well as to seek to update, delete or correct Personal data:

a. Rectification of Personal Data and Restriction of Processing. You are responsible for ensuring the accuracy of your Personal Data that you submit to the App. Inaccurate information will affect your experience when using the Simple Web Sites and tools and our ability to contact you as described in this Privacy Policy. If you believe that your Personal Data is inaccurate, you have right to contact us and ask us to correct such Personal Data by contacting us at care@simple.life. You shall also have the right to request restriction of processing of your Personal Data, if you contest the accuracy of the Personal Data and we need some time to verify its accuracy.

b. Access to your Personal Data and Data Portability. The App gives you the ability to access and update Personal Data within the App and your account settings. You shall have the right to request information about whether we have any Personal Data about you, to access your Personal data (including in a structured and portable form) by simply writing us at care@simple.life.

c. Erasure of your Personal Data. If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent or object to the processing of your Personal Data, or in cases where the processing of your Personal Data does not otherwise comply with the GDPR, you have right to contact us and ask us to erase such Personal Data as described above. You can simply write us at care@simple.life. Please be aware that erasing some Personal Data inserted by you may affect your possibility to utilize the App and its features. Erasure of some Personal Data may also take some time due to technical reasons.

d. Right to object processing of your Personal Data. You can object processing your Personal Data and stop us from processing your Personal data, simply write us at care@simple.life. Please be aware that erasing some Personal Data inserted by you may affect your possibility to use the App and its features.

e. Notice about automated decision-making. We may use automated decision-making tools (e.g. neural networks) that process your Personal Data in order to provide you proper Services (for example, suggesting new fasting protocols or providing insights). Normally, such automated decision-making works more precisely, if you insert more Personal Data about your meal intake details, fasting times, physical activities that our neural networks can work with. Our neural networks process this information in order to track particular dependencies and correlations in your eating patterns and provide you more personalized information about your lifestyle.

f. Notification requirements. We commit to notify you (within reasonable period of time) and your data protection authority (within the timeframe specified in applicable law) about any personal data breaches in the App.

g. Data Protection Authorities. Subject to GDPR, you also have the right to (i) restrict our use of Personal Data and (ii) lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with GDPR.

Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage the individual in a dialogue so as to better understand the motivation for the request and to locate responsive information. In case this is impossible, we reserve the right to refuse granting your request.

Following the provisions of GDPR we might also require you to prove your identity (for example, by requesting an ID or any other proof of identity) in order for you to invoke the mentioned rights, specifically if you exercise them in respect to special categories of Personal Data like data about health. This is made to ensure that no rights of third parties are violated by your request, and the rights described in this section are exercised by an actual Personal Data subject or an authorized person.

Please note that we will grant your request within 30 days after receiving it, but it may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems - this is due to the size and complexity of the systems we use to store data.

4. Sharing your personal data and information

a. Personal Data we share with third parties. We will not share your Personal Data with any third parties except as specified by the Section 4  and Section 11 of the Privacy Policy.

Provided we receive your consent as appropriate under applicable law, we may share some of your Personal Data with AppsFlyer, a mobile marketing platform. By using AppsFlyer and its integrated partners we are able to reach more people like you and spread the word about the App to help more people to stay in control with their health and wellbeing.

Read more about AppsFlyer here and its integrated partners here

To accomplish the above-mentioned goal, we may share certain Personal data with AppsFlyer and some of its integrated partners as indicated below.

Here is a step-by-step illustration of how we utilize AppsFlyer and its integrated partners:

1. You become a Simple App user and opt-in for sharing Personal data, strictly limited to the following set: 

a)  Technical identifiers: IP address (which may also provide general location information), User agent, IDFA (Identifier for advertisers), Google Advertiser ID, Customer issued user ID and other similar unique technical identifiers.
b) Your age group;
c) Your subscription status;
d) The fact of application launch.

2. Simple App sends your data to AppsFlyer, which analyzes it and provides us reports and insights on how to optimize our promotional campaigns.

3. At the same time, AppsFlyer sends your data to some of its integrated partners (e.g. Pinterest, Google Ads, Apple Search Ads, Facebook marketing network, and a couple of others) to find people like you on different platforms, including social media websites. These integrated partners analyze your data (so-called "custom audience") and show relevant information about the App to people who might be potentially interested in it (so-called "lookalike audience").

4. This is how new users find out about Simple, get educational and motivational insights and track their fasting, change their nutrition habits and improve their health. You contribute to the growth of Simple community providing your consent to use Simple App. 

NON-EU USERS ONLY. We may also directly share your Personal data as defined by this Section of the Privacy Policy with the following third-party services:
 
1. Facebook Lookalike Audiences. We utilize Facebook advertising service called "lookalike audiences" to identify potential new Simple users on Facebook based on the information from the existing Simple users. We use the service to identify people on Facebook who might like Simple as much as our current users do.

2. Snapchat. Snapchat is a popular social network, and we utilize its targeting features to reach more people on Snapchat like our users. See more about Snapchat privacy settings here.

Here is a step-by-step illustration of how we utilize Facebook Lookalike Audience and Snapchat:

1. You become a Simple App user and opt-in for sharing Personal data, strictly limited to the following set: 

a)  Technical identifiers: IP address (which may also provide general location information), user agent, IDFA (Identifier for Advertisers), Google Advertiser ID, Customer-issued user ID, and other similar unique technical identifiers;
b) Your age group;
c) Your subscription status;
d) The fact of application launch.

2. Simple App sends your data to Facebook Lookalike audience service and Snapchat to find people like you on these platforms. These third-party services analyze your data (so-called "custom audience") and show relevant information about the App to people who might potentially be interested in it (so-called "lookalike audience").

3. This is how new users find out about Simple, get educational and motivational insights and track their fasting, change their nutrition habits and improve their health. You contribute to the growth of Simple community providing your consent to use Simple App.  

All third-party services regulated by this Section 4 (a) of the Privacy Policy are either EU-based or compliant with the GDPR (for example, EU-US Privacy Shield Framework that ensures that the European data protection requirement is met).

PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH WITH ANY THIRD PARTIES.

OPT-OUT OPTIONS. YOU CAN WITHDRAW YOUR CONSENT TO SHARING OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS SECTION ANYTIME BY USING ONE OF THE FOLLOWING OPTIONS:

1. BY CONTACTING US AT care@simple.life;

2. BY ADJUSTING YOUR DEVICE SETTINGS IN ORDER TO STOP SHARING YOUR IDFA WITH ANY THIRD PARTIES. IN SUCH CASE NO THIRD PARTY WILL BE ABLE TO UTILIZE YOUR PERSONAL DATA IN ACCORDANCE WITH THIS SECTION OF THE PRIVACY POLICY.

b. Aggregated Information. We may share aggregated, anonymized or de-identified information, which cannot reasonably be used to identify you, including with our partners or research institutions. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users.

c. Special Circumstances. We will not share any of your Personal Data to any third party except as otherwise stated in this Privacy Policy and in the following circumstances: (i) in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements); (ii) when disclosure is required to maintain the security and integrity of the App, or to protect any user's security or the security of other persons, consistent with applicable laws; (iii) when disclosure is directed or consented to by the user who has input the Personal Data; (iv) in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.

d. Information Posted by User. The App features several community areas and other public forums where users with similar interests or medical conditions can share information and support one another or where users can post questions for experts to answer. We also offer online discussions which may be moderated by healthcare experts. Our communities are open to [the public/the App community] and should not be considered private.

Any information (including Personal Data) you share in any online community area or online discussion is by design open to the public and is not private. You should think carefully before posting any Personal Data in any public forum. What you post can be seen, disclosed to, or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorized purposes. As with any public forum on any site, the information you post may also show up in third-party search engines.

If you mistakenly post Personal Data in our community areas and would like it removed, you can send us an email as listed below to request that we remove it. In some cases, we may not be able to remove your Personal Data, e.g. for technical reasons.

e. Third party (onward) transfers and Privacy Shield compliance. In the context of an onward transfer, if you provided us your explicit consent for such transfer, we have responsibility for the processing of Personal Data we receive under the Privacy Shield (See Section 12 of this Privacy Policy) or generally from the EU and Swiss residents and subsequently transfer to a third party acting as an agent on our behalf. We remain liable under the Principles (as defined below) and GDPR if our agent processes such Personal Data in a manner inconsistent with the Principles and GDPR, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.

If we receive Personal Data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

5. Retention of your personal data

We will retain your Personal Data as long as your account is active or needed to provide you services, and only for as long as it serves purposes of processing identified in Section 2 of this Privacy Policy. At any time, you can remove your Personal Data as specified in Section 3 of this Privacy Policy.

You should be aware that we may retain certain Personal Data and other information after your account has been terminated in an aggregated, anonymized form. Any posts or comments you submit may remain visible if and after you delete your account. We are not obligated to remove your posts or comments. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally. We will also retain your Personal Data as necessary to comply with legal obligations, resolve disputes and enforce our agreements.

If you remove data from your account, you will no longer see it in the App, but some backups of the data may remain in our archive servers for a reasonable period of time due to technical solutions we use. However, we undertake to delete any such backups within a reasonable period of time.

If you choose to delete the App, deactivate your account, we retain your Personal data for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.

6. Personal data you elect to share with third parties

You can direct us to share data from the App with other parties. For example, you can permit us to share data with other health apps and services like Apple HealthKit. Once you direct us to share your data with a third party, that third party will have their own privacy policy and we do not control how the third party uses or handles the information. You can revoke your consent to share information with such a third party at any time in your App account settings.

We take reasonable steps in order to ensure compliance of such third parties with any applicable laws that might govern processing of your Personal Data. For example, for the EU residents' Personal Data we make reasonable efforts to ensure that such third parties are GDPR compliant and have GDPR compliant privacy policies in place.

7. Security

We take all reasonable and appropriate measures to protect all collected Personal Data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data that we process and risks associated with special categories of Personal Data we collect (information about health). Among others, we utilize the following information security measures to protect your Personal Data:

a. Encryption of your Personal Data in transit and in rest;

b. Systematic vulnerability scanning and penetration testing;

c. Protection of data integrity;

d. Organizational and legal measures. For example, our employees have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.

e. Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of "privacy by design", "privacy by default" and others. We also commit to undertake privacy audit in case of Company's merger or takeover.

Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your mobile device. Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the App, or that your information won't be intercepted while being transmitted to us. If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in this Privacy Policy.

We process information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for those purposes, we take reasonable and appropriate steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.

8. Children's privacy

General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 18 years old. The App does not collect Personal Data from any person the Company actually knows is under the age of 18. If you are aware of anyone under 18 using the App, please contact us at care@simple.life and we will take required steps to delete such information and (or) delete his or her account.

9. Third party links

Although the App may contain links to third party websites or services, we are not responsible for the privacy policies and/or practices on those third-party websites or services. Please understand that this Privacy Policy applies only to information we collect from you. Where we have linked to a third-party website or service, you should read the privacy policy stated on that third-party website or service.

10. Privacy of payments

To process payments for particular features and functions of the App we may engage third-party payment providers.

For example, we use Apple for processing of payments in connection with our subscriptions offered on App Store. Please note that we never collect and we are not responsible for the collection or security of banking, financial, and payment information. Such information is processed and stored by Apple only. Apple can be contacted through their website: https://www.apple.com

11. Email Communications

We may contact you from time to time via email to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you. You can always opt out of receiving emails by unsubscribing via the "Unsubscribe" link contained in the email. Opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the App. If applicable laws prescribe so, certain exclusions may apply to the residents of some countries regarding an active opt-in for any email communications from us. We may ask such users to provide their consent for any such communications at the registration screen.
 
In such communications, we may also use surveys to receive your answers and feedback on various topics. Such information given by you via such surveys is processed by us for the purposes set forth in this Privacy Policy.
 
In order to provide communication services, we may engage third-party service providers to carry out such newsletter services, surveys or notifications campaigns. Currently, we engage the following third-party services:
  1. SendGrid. SendGrid is an email automation platform provided by SendGrid, Inc (USA). We use SendGrid to reach more of our users with our newsletters, surveys and notifications. We may transfer your email address and some personalized texts to SendGrid. SendGrid will never use your email address and personalized texts except sending our messages and notices to you. We store your email addresses and personalized texts via SendGrid and you can request us to delete them from SendGrid platform in accordance with Section 3 of this Privacy Policy.

You can find the privacy policies of these services on their websites. These companies are compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met.

12. International personal data transfers

General. The Company is based in the Republic of Cyprus and the information we collect is governed by Cypriot and European law. Please be advised that Cypriot and Europenian law and laws of other countries may not offer the same protections as the law of your jurisdiction.

In addition, you agree that information collected through the App may be stored and processed in the U.S., where the Company rents servers, or in any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the App, you consent to any such transfer of information outside of your country.

Complaints and Dispute Resolution. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at dpo@simple.life.

Arbitration. You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney's fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual's same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.

13. Data protection officer

To communicate with our Data Protection Officer, please email at dpo@simple.life.

14. Contact us

If you have any questions or concerns about your privacy, any provisions of this Privacy Policy or any of your rights, you may contact us at:

AM APPS LTD
Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus
Email: care@simple.life